<?php
/**
 * Ajax操作类
 * @author yaoli<yaoli@pateo.com.cn>
 * @version 1.0 GetUser add by yaoli<yaoli@pateo.com.cn> 
 */
 class  filter {	
	
	/**
	 * 动作
	 *
	 * @see AActionBase::action()
	 */
	  function action() {
		
		$sql = "select * from user where name = ?";
		echo str_replace( "?" , $this->quote( "'刘德华' or 1==1" , "String" ) , $sql );
	}
	
	
	/**
	 * Zend防注入方法
	 * @param 过滤数据 $value
	 * @param 指定类型  $type
	 */
	static function quote($value,$type='string'){
		
		if( $type == "int" ){
			return intval( $value );
		}elseif( $type == "float" ){
			return sprintf('%F', $value );
		}else{
			return addcslashes($value, "\000\n\r\\'\"\032");
		}	
	}
	
	/**
	 * 生成表单验证码
	 */
	static function  formhash(){
		$hash=self::uuid("1001_");
		$_SESSION['formhash'] = $hash;
		
		#每次随机赋给sessionid，防止伪造session攻击
		session_regenerate_id();
		return $hash;		
	}
	
	/**
	 * 校验表彰hashcode
	 */
	static function checkformhash($hash){
		#dumpe($hash.'<>'.$_SESSION['formhash']);
		
		if(!DEBUG){
			if((empty($_SERVER['HTTP_REFERER']) || 
					preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) != preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST']))){
				show404("非法的域名提交!");
				exit;
			}
		 	/* dump($hash);
			echo "|||";
			dumpe($_SESSION['formhash']);  */
			if($_SESSION['formhash'] != $hash){
				session_destroy();
				show404("非法的表单提交!");
				exit;
			}else{
				
				return null;
			}
		}
	}
	
	/**
	 * 校验submit请求
	 * 防止表单重复提交，异哉提交
	 */
	function submitcheck(){
		if((empty($_SERVER['HTTP_REFERER']) || preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])) && $_POST['formhash'] == self::formhash()) {
		
		}
	}
	
	/**
	 * Generates an UUID
	 *
	 * @author     Anis uddin Ahmad
	 * @param      string  an optional prefix
	 * @return     string  the formatted uuid
	 */
	static function uuid($prefix = '')
	{
		
		
		$chars = md5(uniqid(mt_rand(), true));
		$uuid  = substr($chars,0,8) . '-';
		$uuid .= substr($chars,8,4) . '-';
		$uuid .= substr($chars,12,4) . '-';
		$uuid .= substr($chars,16,4) . '-';
		$uuid .= substr($chars,20,12);
		return $prefix . $uuid;
	}
	

}